Mirror on the wall: using blue team techniques in red team ops

Marc and Mark presented at BruCON 0x0A and announced the public release of RedELK. This tool is a SIEM for red teams, one that we use heavily in our daily operations. The presentation details how we collect and parse data from our red team infrastructure into an ELK stack, and how we use that data to detect investigative actions by the blue team.